SOC 3 for Service Organizations: Trust Services Criteria for General Use Report is a short, publicly facing summary of the SOC 2 Type 2 attestation report for users who need assurances about service organization’s controls but don’t need a full SOC 2 report or aren’t eligible under SOC 2 to receive one. Because SOC 3 reports are general use reports, they can be freely distributed.

A SOC 3 report contains a written assertion by service organization management regarding control effectiveness to achieve commitments based on the applicable trust services criteria, and service auditor’s opinion on whether management’s assertion is stated fairly.